MDVSA-2013:180

Problembeschreibung

A vulnerability has been discovered and corrected in curl:

libcurl is vulnerable to a case of bad checking of the input data
which may lead to heap corruption. The function curl_easy_unescape()
decodes URL encoded strings to raw binary data. URL encoded octets are
represented with \%HH combinations where HH is a two-digit hexadecimal
number. The decoded string is written to an allocated memory area
that the function returns to the caller (CVE-2013-2174).